> The Flock source added “Even if Flock took a stance on permitted use-cases, a motivated user could simply lie about why they're performing a search. We can never 100% know how or why our tools are being used.” A second Flock source said they believe Flock should develop a better idea of what its clients are using the company’s technology for.
In other words, why bother with safeguards when they'll just lie to us anyways?
For instance, just making it a rule that they are not allowed to lie to you about how things are being used -- we know that won't work because if they're willing to lie they are also willing to ignore contract violations.
Instead, put in a rule that says misuse of the system costs $X for each documented case. Now the vendor has a financial incentive to detect misuse, and the purchasers have a FINANCIAL incentive to curb misuse by their own employees.
It's not a magic fix, but it's the sort of thing that might help.
Make a neutral third party liable for the cost, and then that third party, which is mostly disinterested, gets to calculate risk and compliance procedures.
The only way we're really going to get data handling under control is to make the victims of data abuse financial beneficiaries of liability through the courts and insurance companies.